[SERVER-11030] Can't prompt for PEM password with --fork Created: 03/Oct/13 Updated: 10/Dec/14 Resolved: 07/Oct/13 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Security |
| Affects Version/s: | 2.5.2 |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Kyle Erf | Assignee: | Unassigned |
| Resolution: | Won't Fix | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Operating System: | ALL |
| Steps To Reproduce: | Build mongod with ssl enabled. Run something like mongod --sslOnNormalPorts --sslPEMKeyFile testServer.pem --sslCAFile testCA/cacert.pem --sslClusterFile testCluster.pem --clusterAuthMode x509 --fork --logpath log.out where one of the .pem files is password protected |
| Participants: |
| Description |
|
When running a mongod with --sslPEMKeyFile or --sslClusterFile, normally the user will be prompted for their key passwords for each given key if --sslPEMKeyPassword or --sslClusterPassword are not added as command line arguments. However, if a user uses a password-protected keyfile without a password given as a command line argument and also uses --fork, they are never prompted for a password; mongod just fails with the message:

ERROR: cannot read PEM key file: /home/kyle/QA/QA-339/testCluster.pem error:0906406D:PEM routines:PEM_def_callback:problems getting password

Forking without supplying a password for a .pem file on the command line should either still prompt the user for the password, or fail with a much more specific error message. |
| Comments |
| Comment by Eric Milkie [ 03/Oct/13 ] |
|
--fork is intended for noninteractive environments, so I don't think this is a real problem. We already [will] document that you must have an interactive terminal connected if you want to use this feature. |
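
The more specific failure the report asks for can be produced by a wrapper before mongod is started. The following preflight check is an added example, not MongoDB code and not part of the original ticket; the function names and messages are hypothetical, and the sample PEM files are constructed.

```shell
#!/bin/sh
# Added example; pem_is_encrypted, preflight and write_samples are hypothetical names.

# Succeeds if the file holds an encrypted private key: traditional OpenSSL
# PEM marks it with "Proc-Type: 4,ENCRYPTED", PKCS#8 with its own BEGIN line.
pem_is_encrypted() {
    grep -Eq '^(Proc-Type: 4,ENCRYPTED|-----BEGIN ENCRYPTED PRIVATE KEY-----)' "$1"
}

# preflight FORKING(yes|no) HAVE_PASSWORD(yes|no) PEMFILE
# Returns 0 if startup can proceed, 1 if the key is password protected but
# no prompt can happen, 2 if the file is unreadable.
preflight() {
    pf_fork=$1; pf_pass=$2; pf_pem=$3
    if [ ! -r "$pf_pem" ]; then
        echo "preflight: cannot read $pf_pem" >&2
        return 2
    fi
    if pem_is_encrypted "$pf_pem" && [ "$pf_fork" = yes ] && [ "$pf_pass" = no ]; then
        echo "preflight: $pf_pem is password protected and --fork cannot prompt" >&2
        return 1
    fi
    return 0
}

# Constructed sample files: real PEM armour lines around a dummy body.
write_samples() {
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: AES-256-CBC,00000000000000000000000000000000' '' \
        'Q09OU1RSVUNURUQ=' '-----END RSA PRIVATE KEY-----' > "$1/enc.pem"
    printf '%s\n' '-----BEGIN ENCRYPTED PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
        '-----END ENCRYPTED PRIVATE KEY-----' > "$1/enc8.pem"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
        '-----END PRIVATE KEY-----' > "$1/plain.pem"
}

# Demo: the same forked, password-less start is allowed or refused per file.
demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for f in plain.pem enc.pem enc8.pem; do
    if preflight yes no "$demo_dir/$f"; then echo "$f: ok to fork"; fi
done
rm -rf "$demo_dir"
```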